bzr & unix permissions on the .bzr contexts.
Michael Andronov
michael_andronov at sd-kyber.com
Mon Aug 2 21:43:03 BST 2010
Thanks! Very helpful !
It is clear now.
Michael.
On Mon, Aug 2, 2010 at 4:19 PM, John Arbash Meinel
<john at arbash-meinel.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Michael Andronov wrote:
>> John --
>> Thank you for the speedy reply.
>>
>> 1.
>>> We do stat the .bzr directory and try to preserve that permission on
>>> files that we create.
>> Does it mean, that in my scenario:
>> User1 <---> Server <--->User2.
>>
>> If User1 takes an extra action, and explicitly specified 'rwxrwx---'
>> permission to .bzr directory BEFORE he makes the push to the server,
>> then on the server the permissions will be OK, to let the second user
>> to push later?
>
> If you have already created a repository, then setting the mode on just
> .bzr won't affect everything that already exists (though newly created
> things should get the right permissions).
>
> I think we try to inherit from a containing dir if we can find it. So I
> think that doing this works:
>
> mkdir repo
> cd repo
> chmod g+sw .
> chown .group .
> bzr init-repo --no-trees .
>
> And avoids having to do any sort of recursive setting.
>
> Though I'll mention that if you access directories via sftp, etc, you
> can have problems again. (IIRC sftp automatically strips the setgid bit
> when we request it, which is a bit ... difficult.)
>
>>
>> 2.
>>> Directories need to be group rwx so that we can write into them, but
>>> files can be r-x because we don't write to existing files.
>>
>> So, in other words, if on server, I force the permission to be
>> 'rwxrwx___' both on directories AND on files, there is no harm, right?
>>
>> ( The reason I'm re-asking -- 'chmod -R g+w .bzr' looks for me a bit
>> shorter /faster then:
>> "...
>>> find .bzr -type d -print0 | xargs -0 chmod 2770
>>> chown -R .group .bzr
>> ...
>> "
>
> In general I wouldn't make files executable, so rw- for files and rwx
> for directories. g+w is fine, but you'll probably also want the group
> bit set on the directories (g+sw), because that helps to have newly
> created files still owned by the group. It probably isn't required, but
> I would still recommend it.
>
> John
> =:->
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (Cygwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkxXKFQACgkQJdeBCYSNAAMyUwCfeiTe46N0cIobOnkmueG1qWsn
> VAgAn0bJ51Q5KNqZf+33QRf3/6i1IMN6
> =XEV1
> -----END PGP SIGNATURE-----
>
>
More information about the bazaar
mailing list